Flyyee

**Name of the Vulnerable Software and Affected Versions** Libheif version 1.17.6 **Description** The issue is related to the `ImageOverlay::parse()` function in the libheif decoder and encoder for video and photo file formats. It involves an out-of-bounds read and write due to insufficient checks when decoding a HEIF file containing an overlay image with forged offsets. This could allow a remote attacker to access confidential information. **Recommendations** For Libheif version 1.17.6, consider disabling the `ImageOverlay::parse()` function until a patch is available to prevent potential out-of-bounds read and write exploits. Restrict access to HEIF files containing overlay images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenImageIO versions prior to 2.5.13.1 **Description** The issue is related to a bug in the heif input functionality of OpenImageIO, specifically in the `HeifInput::seek subimage()` function. This bug can lead to an information disclosure issue, particularly for programs that directly use the `ImageInput` APIs. **Recommendations** For versions prior to 2.5.13.1, upgrade to version 2.5.13.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `HeifInput::seek subimage()` function until the upgrade is applied.